From: "David E. Smith" <dsmith@midwest.net>
Date: Thu, 9 Nov 1995 08:19:58 +0800
To: John Curtis <jbell@capecod.net>
Subject: Re: expiration dates on cryptography
Message-ID: <199511081549.JAA28561@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:21 AM 11/8/95 -0500, John Curtis wrote:
>Given that trust is often of an ephemeral nature, it would be
>quite useful to set time limits on secrets.  Would it be possible
>to cryptographically protect a secret such that it could not be
>decrypted after a certain time?
   It's a nice idea, really.  The problem is - how do you verify the
absolute time?  For instance, by resetting a PC's internal clock
you can instantly circumvent that measure.  Possibly by forcing
the application to consult a "reliable" clock like one of the
cesium clocks, but that could be hacked.
   Unless you can absolutely, reliably, and without fear/danger of
being hacked around, verify the correct time, self-destruct crypto
probably won't happen.
----- David E. Smith, dsmith@midwest.net, PGP ID 0x92732139
http://www.midwest.net/scribers/dsmith